Methods and apparatus for verifying the identity of a user requesting access using location information

ABSTRACT

A global positioning system (GPS)-based access control method and apparatus are disclosed for limiting access to a device or secure facility by verifying the location of an authorized user. The GPS-based access control system confirms that the user requesting access to a device or secure location is physically present at the location of the device or secure location. Upon an access control request, the location of the user is obtained using an individual GPS system carried by each user on a portable device, such as a pocket token, computer-readable card, cellular telephone or watch. If the location of a person making an access control request does not coincide with the coordinates of the individual GPS that is being worn by the authorized user associated with the password, then the person requesting access is unauthorized.

FIELD OF THE INVENTION

The present invention relates generally to access control techniques,and more particularly, to a method and apparatus for restricting accessto a particular device or secure facility.

BACKGROUND OF THE INVENTION

Computers and other devices, as well as secure facilities, often containproprietary and/or sensitive information, which could be compromised ifaccessed by unauthorized individuals. Thus, computer devices and securefacilities often incorporate security techniques, such as databaseaccess control mechanisms, to prevent unauthorized users from accessing,obtaining or altering the proprietary and/or sensitive information.Authentication techniques allow users to prove their identity and obtainauthorized access to a given device or secure facility.

A number of authentication protocols have been developed to prevent theunauthorized access of such devices or locations. For example, accesscontrol mechanisms typically utilize some variation of an alphanumericpersonal identification number (PIN) or password, that is presumablyknown only to the authorized user. Upon attempting to access a givendevice or physical location, the user enters the appropriate password,to establish his or her authority. Many users select a PIN or passwordthat is easy to remember. Thus, there is a significant risk that suchpasswords may be guessed or otherwise compromised, in which case anattacker can access the given device or location.

To minimize the risk that a password will be compromised, the number oflogin attempts that may be attempted are often limited, so that anattacker cannot keep trying different passwords until successful. Inaddition, users are often encouraged or required to change theirpassword periodically. One-time passwords have also been proposed tofurther increase security, where users are assigned a secret key thatmay be stored, for example, on a pocket token or a computer-readablecard. Upon attempting to access a desired device or location, a randomvalue, referred to as a “challenge,” is issued to the user. The pockettoken or computer-readable card then generates a “response” to thechallenge by encrypting the received challenge with the user's secretkey. The user obtains access to the device or location provided theresponse is accurate. In order to ensure that the pocket token orcomputer-readable card is utilized by the associated authorized user,the user typically must also manually enter a secret alphanumeric PIN orpassword.

In further variations, access control mechanisms have secured access todevices or secure locations by evaluating biometric information, such asfingerprints, retinal scans or voice characteristics. For a moredetailed discussion of one such biometric-based access control system,see, for example, U.S. Pat. No. 5,897,616, entitled “Apparatus andMethods for Speaker Verification/Identification/Classification EmployingNon-Acoustic and/or Acoustic Models and Databases,” U.S. patentapplication Ser. No. 09/008,122, filed Jan. 16, 1998, entitled “APortable Information and Transaction Processing System and MethodUtilizing Biometric Authorization and Digital Certificate Security,” andU.S. patent application Ser. No. 09/417,645, filed Oct. 14, 1999,entitled “Point of Sale and Vending Service Payment via PortableCommunication Device”, each assigned to the assignee of the presentinvention and incorporated by reference herein.

While such authentication tools reduce the unauthorized access ofequipment or a secure facility, they suffer from a number oflimitations, which if overcome, could dramatically increase the utilityand effectiveness of such tools. For example, there is currently nomechanism to ensure that a person associated with a given password isphysically present at the location where the password is utilized. Aneed therefore exists for an access control mechanism that uses theglobal positioning system to verify the location of a person who isrequesting access to a secured device or location.

SUMMARY OF THE INVENTION

Generally, a location-based access control method and apparatus aredisclosed for limiting access to a device or secure facility byverifying the location of an authorized user. According to one aspect ofthe invention, a GPS-based access control system confirms that the userrequesting access to a device or secure location is physically presentat the location of the device or secure location. In further variations,the location of the user is confirmed using, for example, triangulationtechniques or techniques used to implement the enhanced cellular 911system. In the illustrative embodiment, the location of the user isobtained from an individual GPS system carried by each user on aportable device, such as a pocket token, computer-readable card,cellular telephone or watch.

The GPS system utilizes a satellite network to identify the exactlocation of objects using radio signals received from the object. Theindividual GPS is used to obtain the physical location of the authorizeduser at the time of an access control request. If the location of aperson making an access control request does not coincide with thecoordinates of the individual GPS that is being worn by the authorizeduser, then the person requesting access is unauthorized.

Each device or secure location includes a GPS-based access controlsystem that issues a challenge to the user, upon an attempt to accessthe device or location, to establish the user's authority. For example,the challenge may include a request for a password, a request for apocket token or a computer-readable card, or a request for biometricinformation, such as fingerprints, retinal scans or voicecharacteristics. The GPS-based access control system queries the centralGPS system to identify the physical location of the authorized user whois registered with the entered password. The central GPS systemcommunicates with the individual GPS system associated with theauthorized user who is registered with the entered password, pockettoken, computer-readable card or biometric information, to determine thelocation. The central GPS system transmits the location coordinates tothe GPS-based access control system central server. The measuredlocation of the authorized user is compared with the known location ofthe device for which access has been requested. If the coordinatescorresponding to the measured location of the authorized user do notmatch the coordinates of the device for which access has been requested,then the access request is rejected.

A more complete understanding of the present invention, as well asfurther features and advantages of the present invention, will beobtained by reference to the following detailed description anddrawings.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 illustrates a network environment in which an illustrative globalpositioning system (GPS)-based access control system in accordance withthe present invention may operate;

FIG. 2 is a sample table from the authorized user database of FIG. 1;and

FIG. 3 is a flow chart describing an exemplary GPS-based access controlprocess incorporating features of the present invention.

DETAILED DESCRIPTION OF PREFERRED EMBODIMENTS

FIG. 1 illustrates a network environment 100 in which the presentinvention can operate. As shown in FIG. 1, a global positioning system(GPS)-based access control system 130 restricts access to devices 102,105 that are connected to the network 100. According to a feature of thepresent invention, the GPS-based access control system 130 confirms thatthe user requesting access to the device or secure location isphysically present at the location of the device or secure location. Thelocation of the user is obtained from an individual GPS system 140carried by each user on a portable device, such as a pocket token,computer-readable card, cellular telephone or watch. GPS watches arecommercially available, for example, from Casio Computer Company Ltd. ofTokyo, Japan. While the present invention is illustrated herein using aGPS system to determine the location of a user, any well-known techniquecan be used, including those mentioned herein, as would be apparent to aperson of ordinary skill.

According to a feature of the invention, the GPS system is utilized toverify the identity of a user requesting access to a given device orsecure location, by ensuring that the person is physically present atthe location of the given device or secure location. The GPS systemutilizes a satellite network to identify the exact location of objectsusing radio signals received from the object, in a known manner. Eachauthorized user has an associated individual GPS 140. The presentinvention provides a new security measure that uses an individual GPS140 to obtain the physical location of the authorized user at the timeof an access control request. If the location of a person making anaccess control request does not coincide with the coordinates of theindividual GPS 140 that is being worn by the authorized user, then theperson requesting access is unauthorized. In other words, if theindividual GPS 140 associated with the authorized user is not at thelocation of the device 102, 105 that is being accessed, then access isdenied.

In further variations, the location of the user can be confirmed using,for example, triangulation techniques or techniques used to implementthe enhanced cellular 911 system. For a detailed discussion of enhanced911 cellular service (EC911), see Meyer et al., “Wireless Enhanced 9-1-1Service—Making It A Reality,” Bell Labs Technical Journal, 188-202(Autumn 1996), incorporated by reference herein. For a generaldiscussion of various systems and techniques for detecting the locationof a user using a transmitter, see, for example,http://www.cwt.vt.edu/projects/dominion;http://www.ecst.csuchico.edu/˜ian/cnm.html; “News You Can Use,”http://www.usnews.com/usnews/issue/980622/22cell.htm (Jun. 22, 1998),http://centralohio.thesource.net/Files3/9606135.html (Jun. 13, 1996) andBluetooth, http://www.bluetooth.com/v2/default.asp, each incorporated byreference herein. In yet another variation, the location of the personrequesting access to a particular device or facility, can be askedquestions about the location of the device or facility. The response canbe processed by a speech recognition system to validate the identity ofthe user, and the accuracy of the response can be used to confirm thatthe user is physically present at the device or facility. See, forexample, U.S. Pat. No. 5,897,616, entitled “Apparatus and Methods forSpeaker Verification/Identification/Classification EmployingNon-acoustic And/or Acoustic Models and Databases.”

For example, the identity of a user can be obtained or verified byrequiring the user to place a telephone call to the access controlsystem 130 from a predefined cellular telephone. Voice recognitiontechnology can be used to identify or verify the identity of the user,and the enhanced cellular 911 technology can be utilized to confirm thatthe user requesting access to the device or secure location isphysically present at the location of the device or secure location.Well-known caller identification (“caller id”) techniques can be used toconfirm that the user requesting access is using the appropriatecellular telephone. For a more detailed discussion of speakeridentification techniques and the use of caller identificationtechniques to confirm that the user requesting access is using theappropriate cellular telephone application, see, for example, U.S. Pat.No. 5,897,616, entitled “Apparatus and Methods for SpeakerVerification/Identification/Classification Employing Non-Acoustic and/orAcoustic Models and Databases,” U.S. patent application Ser. No.08/788,471, filed Jan. 28, 1997, entitled “Text Independent SpeakerRecognition For Transparent Command Ambiguity Resolution and ContinuousAccess Control,” U.S. patent application Ser. No. 08/787,029, filed Jan.28, 1997, entitled “Speaker Model Prefetching,” and U.S. patentapplication Ser. No. 08/851,982, filed May 6, 1997, entitled “SpeakerRecognition Over Large Population with Fast and Detailed Matches,” eachassigned to the assignee of the present invention and incorporated byreference herein.

As shown in FIG. 1, the device for which the user is requesting accessmay be, for example, an automated teller machine (ATM) 102, a computingdevice 105 or an access control mechanism (not shown), such as acard-reader, that restricts access to a secure location. Each device102, 105 includes a GPS-based access control system 130 that issues achallenge to the user, upon an attempt to access the device 102, 105, toestablish the user's authority. For example, the challenge may include arequest for a password, a request for a pocket token or acomputer-readable card, or a request for biometric information, such asfingerprints, retinal scans or voice characteristics. In addition,according to a feature of the present invention, the GPS-based accesscontrol system 130 queries the central GPS system located on satellites101 to identify the physical location of the authorized user who isregistered with the entered password or other response to the issuedchallenge. The central GPS system 101 communicates with the individualGPS system 140 associated with the authorized user who is registeredwith the entered password. The central GPS system can identify the exactlocation of the authorized user in a well-known manner.

The central GPS system transmits the location coordinates to theGPS-based access control system central server 120 using the network100. The GPS-based access control system central server 120 then uses aGPS position verification system 300, discussed below in conjunctionwith FIG. 3, to compare the measured location of the authorized userwith the known location of the device 102, 105 for which access has beenrequested. It is noted that the location of the device 102, 105 can befixed and pre-recorded for each device, or may be obtained in real-timeby associating an individual GPS 140 with the device 102, 105 and byusing the central GPS system to verify the location of the device 102,105 each time access is requested. If the coordinates corresponding tothe measured location of the authorized user do not match thecoordinates of the device 102, 105 for which access has been requested,then the access request is rejected.

In further variations, additional security measures can be obtained byimplementing a local verification system for the individual GPS 140associated with each user, to ensure that the individual GPS 140 isutilized only by the associated authorized user. For a discussion of asystem and method that perform local biometric authorization on adevice, see, for example, U.S. Pat. No. 5,953,700, entitled “PortableAcoustic Interface for Remote Access to Automatic Speech/SpeakerRecognition Server,” and U.S. patent application Ser. No. 09/008,122,filed Jan. 16, 1998, entitled “A Portable Information and TransactionProcessing System and Method Utilizing Biometric Authorization andDigital Certificate Security,” each assigned to the assignee of thepresent invention and incorporated by reference herein.

For example, a local verification system for the individual GPS 140 canrequire the user to periodically enter a password or can be based onbiometrics captured using sensors. In this manner, the possibility ofunauthorized access to a device 102, 105 as the result of a lost orstolen individual GPS 140 is reduced. For a discussion of a suitablelocal verification system for the individual GPS 140, see, for example,U.S. patent application Ser. No. 09/008,122, filed Jan. 16, 1998,entitled “A Portable Information and Transaction Processing System andMethod Utilizing Biometric Authorization and Digital CertificateSecurity,” and U.S. patent application Ser. No. 09/079,754, filed May15, 1998, entitled “Apparatus and Method for User Recognition EmployingBehavioral Passwords,” each assigned to the assignee of the presentinvention and incorporated by reference herein.

FIG. 2 illustrates an exemplary authorized user database 200 that storesinformation on each authorized user of the GPS-based access controlsystem 120. The exemplary authorized user database 200 maintains aplurality of records, each associated with a different user. For eachuser listed in field 240, the authorized user database 200 indicates thecurrent password in field 245 and identifies the individual GPS 140associated with the user in field 250. In this manner, upon an attemptto access a secure device or location, the GPS identifier in field 250can be used to obtain the current location of the authorized user.

FIG. 3 is a flow chart describing an exemplary GPS-based access controlprocess 300 incorporating features of the present invention. As shown inFIG. 3, the GPS-based access control process 300 is initiated duringstep 310 upon the user's entry of a password to request access to adevice 102, 105. The access control system 130 associated with thedevice transmits the password to the access control system centralserver 120 during step 320. Thereafter, the central server 120 uses thereceived password to access the authorized user database 200 during step330 and to retrieve the user name and GPS identifier, if any, associatedwith the password.

A test is performed during step 340 to determine if there is a GPSidentified in the appropriate record of the authorized user database 200for this user. If it is determined during step 340 that a GPS is notidentified in the appropriate record of the authorized user database 200for this user, then access is denied or other verification means areprovided during step 350. If, however, it is determined during step 340that a GPS is identified in the appropriate record of the authorizeduser database 200 for this user, then a request is sent to the centralGPS system 101 during step 360 to determine the location of theindividual GPS 140 that is identified for the authorized user (andpresumably being worn by the authorized user). The identified locationis received from the central GPS system 101 during step 365. Inaddition, the location of the device 102, 105 for which access has beenrequested is obtained during step 370.

A test is performed during step 380 to determine if the two positionsobtained during steps 365 and 370 coincide. If it is determined duringstep 380 that the two positions do coincide, then access is grantedduring step 390. If, however, it is determined during step 380 that thetwo positions do not coincide, then access is denied during step 395.

According to another feature of the present invention, the location ofthe authorized user can be used to reduce the population of interest inevaluating biometric information. For example, all of the users within apredefined distance of the device 102, 105 from which access is beingrequested can be determined. In addition, biometric information isobtained about the requestor. Thereafter, biometric identification isperformed to extract the individual from among the set of users who are“near” the device 102, 105.

In an alternate implementation, biometric identification can beperformed over the entire population of potential users. The biometricidentification system provides a list of potential names for the userrequesting access. The list of top N best matches is then evaluated todetermine if any of the users on the list are physically present at thelocation of the requested device 102, 105. Thus, the identified usermust both (i) be listed on the top N list, and (ii) be physically “near”the location of the requested device 102, 105.

It is noted that the present invention is particularly useful forimplementing the system described in U.S. patent application Ser. No.09/417,645, filed Oct. 14, 1999, entitled “Point of Sale and VendingService Payment via Portable Communication Device”, assigned to theassignee of the present invention and incorporated by reference above.

It is to be understood that the embodiments and variations shown anddescribed herein are merely illustrative of the principles of thisinvention and that various modifications may be implemented by thoseskilled in the art without departing from the scope and spirit of theinvention.

1. A method for verifying the identity of a user, said method comprisingthe steps of: issuing a challenge to said user; receiving a response tosaid challenge from said user; identifying a first location of anauthorized person associated with said response, wherein said firstlocation is identified by utilizing a portable device assigned to saiduser; identifying a second location where said response is received,wherein said second location is identified by utilizing locationinformation associated with a requested resource at said secondlocation; and providing access to said user if said first and secondlocations substantially match.
 2. The method of claim 1, wherein saidresponse is a password.
 3. The method of claim 1, wherein said responseis a pocket token.
 4. The method of claim 1, wherein said response is acomputer-readable card.
 5. The method of claim 1, wherein said responseis biometric information.
 6. The method of claim 1, wherein said firstlocation of an authorized person is obtained using an individual globalpositioning system.
 7. The method of claim 6, wherein said individualglobal positioning system includes a local verification system.
 8. Themethod of claim 6, wherein said individual global positioning system isincluded in a portable device carried by said authorized user.
 9. Themethod of claim 1, wherein said second location where said response isreceived is obtained from an individual global positioning systemassociated with a requested device or facility.
 10. The method of claim1, wherein said second location where said response is received isobtained from recorded information associated with a requested device orfacility.
 11. The method of claim 1, wherein said first location of anauthorized person is obtained using a triangulation technique.
 12. Themethod of claim 1, wherein said first location of an authorized personis obtained using enhanced cellular 911 techniques.
 13. The method ofclaim 1, wherein said first location of an authorized person is obtainedby identifying the location of a transmitting device associated withsaid authorized person.
 14. The method of claim 1, wherein said firstlocation of an authorized person is confirmed by querying said userabout something at the location of a requested device or facility. 15.The method of claim 14, further comprising the step of identifying saiduser by applying speaker recognition techniques to an answer to saidquery.
 16. A method for verifying the identity of a user, said methodcomprising the steps of: receiving a response to a challenge from saiduser; identifying a first location of an authorized person associatedwith said response, wherein said first location is identified byutilizing a portable device assigned to said authorized person;identifying a second location where said response is received, whereinsaid second location is identified by utilizing location informationassociated with a requested resource at said second location; andproviding access to said user if said first and second locationssubstantially match.
 17. The method of claim 16, wherein said firstlocation of an authorized person is obtained using an individual globalpositioning system.
 18. The method of claim 17, wherein said individualglobal positioning system includes a local verification system.
 19. Themethod of claim 17, wherein said individual global positioning system isincluded in a portable device carried by said authorized user.
 20. Themethod of claim 16, wherein said second location where said response isreceived is obtained from an individual global positioning systemassociated with a requested device or facility.
 21. The method of claim16, wherein said second location where said response is received isobtained from recorded information associated with a requested device orfacility.
 22. The method of claim 16, wherein said first location of anauthorized person is obtained using a triangulation technique.
 23. Themethod of claim 16, wherein said first location of an authorized personis obtained using enhanced cellular 911 techniques.
 24. The method ofclaim 16, wherein said first location of an authorized person isobtained by identifying the location of a transmitting device associatedwith said authorized person.
 25. The method of claim 16, wherein saidfirst location of an authorized person is confirmed by querying saiduser about something at the location of a requested device or facility.26. The method of claim 25, further comprising the step of identifyingsaid user by applying speaker recognition techniques to an answer tosaid query.
 27. A system for verifying the identity of a user,comprising: a memory that stores computer readable code; and a processoroperatively coupled to said memory, said processor configured to:receive a response to a challenge from said user; identify a firstlocation of an authorized person associated with said password, whereinsaid first location is identified by utilizing a portable deviceassigned to said authorized person; identify a second location of wheresaid response is received, wherein said second location is identified byutilizing location information associated with a requested resource atsaid second location; and provide access to said user if said first andsecond locations substantially match.
 28. The system of claim 27,wherein said first location of an authorized person is obtained using anindividual global positioning system.
 29. The system of claim 28,wherein said individual global positioning system includes a localverification system.
 30. The system of claim 28, wherein said individualglobal positioning system is included in a portable device carried bysaid authorized user.
 31. The system of claim 27, wherein said secondlocation where said response is received is obtained from an individualglobal positioning system associated with a requested device orfacility.
 32. The system of claim 27, wherein said second location wheresaid response is received is obtained from recorded informationassociated with a requested device or facility.
 33. The system of claim27, wherein said first location of an authorized person is obtainedusing a triangulation technique.
 34. The system of claim 27, whereinsaid first location of an authorized person is obtained using enhancedcellular 911 techniques.
 35. The system of claim 27, wherein said firstlocation of an authorized person is obtained by identifying the locationof a transmitting device associated with said authorized person.
 36. Thesystem of claim 27, wherein said first location of an authorized personis confirmed by querying said user about something at the location of arequested device or facility.
 37. The system of claim 36, wherein saidprocessor is further configured to identify said user by applying aspeaker recognition technique to an answer to said query.
 38. An articleof manufacture for verifying the identity of a user, comprising: acomputer readable medium having computer readable code means embodiedthereon, said computer readable program code means comprising: a step toreceive a response to a challenge from said user; a step to identify afirst location of an authorized person associated with said response,wherein said first location is identified by utilizing a portable deviceassigned to said authorized person; a step to identify a second locationwhere said response is received, wherein said second location isidentified by utilizing location information associated with a requestedresource at said second location; and a step to provide access to saiduser if said first and second locations substantially match.
 39. Amethod for identifying a user requesting access to a device, said methodcomprising the steps of: receiving biometric information from said user;identifying each registered person within a predefined distance of saidrequested device, wherein said identification is performed by utilizinga portable device assigned to each registered person and wherein alocation of said requested device is identified by utilizing locationinformation associated with said requested device; and identifying saiduser from among said identified persons using said biometricinformation.
 40. The method of claim 39, wherein said step ofidentifying each registered person within a predefined distance of saidrequested device further comprises the step of identifying individualglobal positioning systems associated with registered persons withinsaid predefined distance.
 41. The method of claim 39, wherein said stepof identifying each registered person within a predefined distance ofsaid requested device further comprises the step of identifyingtransmitting devices associated with registered persons within saidpredefined distance.
 42. A method for identifying a user requestingaccess, said method comprising the steps of: receiving biometricinformation from said user; identifying a list of potential users basedon said biometric information; and identifying said user by comparing alocation of each identified potential users with a location where saidbiometric information was obtained, wherein said location of eachidentified potential user is obtained by utilizing a portable deviceassigned to each identified potential user and wherein said locationwhere said biometric information was obtained is identified by utilizinglocation information associated with a requested resource at saidlocation where said biometric information was obtained.
 43. The methodof claim 42, wherein said location of each identified potential user isobtained by identifying the location of an individual global positioningsystem associated with each of said identified potential users.
 44. Themethod of claim 42, wherein said location of each identified potentialuser is obtained by identifying the location of a transmitting deviceassociated with each of said identified potential users.
 45. A methodfor identifying of a user requesting access to a device, said methodcomprising the steps of: receiving a communication from a transmittingdevice assigned to said user; identifying said user using a voicerecognition system; and confirming said user requesting access to saiddevice is physically present at the location of said requested device bydetermining a location of said transmitting device, wherein saidlocation of said requested device is identified by utilizing locationinformation associated with said requested device.
 46. The method ofclaim 45, wherein said transmitting device is a cellular telephone. 47.The method of claim 46, further comprising the step of confirming thatsaid user is using a cellular telephone associated with said user usingcaller identification techniques.
 48. The method of claim 47, whereinconfirming step further comprises the step of determining the locationof said cellular telephone using enhanced cellular 911 techniques.
 49. Asystem for identifying a user requesting access to a device, comprising:a memory that stores computer readable code; and a processor operativelycoupled to said memory, said processor configured to: receive biometricinformation from said user; identify each registered person within apredefined distance of said requested device, wherein saididentification is performed by utilizing a portable device assigned toeach registered person and wherein a location of said requested deviceis identified by utilizing location information associated with saidrequested device; and identify said user from among said identifiedpersons using said biometric information.
 50. The system of claim 49,wherein said registered persons within a predefined distance of saidrequested device further are identified by identifying individual globalpositioning systems associated with registered persons within saidpredefined distance.
 51. The system of claim 49, wherein said registeredperson within a predefined distance of said requested device areidentified by identifying transmitting devices associated withregistered persons within said predefined distance.
 52. A system foridentifying a user requesting access, comprising: a memory that storescomputer readable code; and a processor operatively coupled to saidmemory, said processor configured to: receive biometric information fromsaid user; identify a list of potential users based on said biometricinformation; and identify said user by comparing a location of eachidentified potential users with a location where said biometricinformation was obtained, wherein said location of each identifiedpotential user is obtained by utilizing a portable device assigned toeach identified potential user and wherein said location where saidbiometric information was obtained is identified by utilizing locationinformation associated with a requested resource at said location wheresaid biometric information was obtained.
 53. The system of claim 52,wherein said location of each identified potential user is obtained byidentifying the location of an individual global positioning systemassociated with each of said identified potential users.
 54. The systemof claim 52, wherein said location of each identified potential user isobtained by identifying the location of a transmitting device associatedwith each of said identified potential users.
 55. A system foridentifying of a user requesting access to a device, comprising: amemory that stores computer readable code; and a processor operativelycoupled to said memory, said processor configured to: receive acommunication from a transmitting device assigned to said user; identifysaid user using a voice recognition system; and confirm said userrequesting access to said device is physically present at the locationof said requested device by determining a location of said transmittingdevice, wherein said location of said requested device is identified byUtilizing location information associated with said requested device.56. The system of claim 55, wherein said transmitting device is acellular telephone.
 57. The system of claim 56, wherein said processoris further configured to confirm that said user is using a cellulartelephone associated with said user using caller identificationtechniques.
 58. The system of claim 57, wherein said processor isfurther configured to determine the location of said cellular telephoneusing enhanced cellular 911 techniques.